|
@@ -58,23 +58,24 @@ def run(cert_path_provider: CertPathProvider, config=None,
|
|
|
with open(vhost_absolute, "r") as vhost_file:
|
|
|
parsed_vhosts.extend(helpers.parse_apache_vhost(vhost_file))
|
|
|
|
|
|
- for entry in parsed_vhosts:
|
|
|
+ for vhost_entry in parsed_vhosts:
|
|
|
+ main_domain = vhost_entry.get_main_domain()
|
|
|
try:
|
|
|
- with open(entry[1], "r") as cert_file:
|
|
|
+ with open(main_domain, "r") as cert_file:
|
|
|
cert_text = cert_file.read()
|
|
|
except IOError:
|
|
|
- LOGGER.error("Error while opening cert file %s ", entry[1])
|
|
|
+ LOGGER.error("Error while opening cert file %s ", vhost_entry.get_cert_path())
|
|
|
else:
|
|
|
x509_current_cert = OpenSSL.crypto.load_certificate(
|
|
|
OpenSSL.crypto.FILETYPE_PEM, cert_text)
|
|
|
if "Let's Encrypt" in x509_current_cert.get_issuer().__str__():
|
|
|
- fullchain_path = cert_path_provider.provide_fullchain_path(entry[0])
|
|
|
+ fullchain_path = cert_path_provider.provide_fullchain_path(main_domain)
|
|
|
try:
|
|
|
with open(fullchain_path, "r") as acme_cert_file:
|
|
|
acme_cert_text = acme_cert_file.read()
|
|
|
except IOError:
|
|
|
LOGGER.error("Could not open certificate for %s in acme "
|
|
|
- "state directory", entry[0])
|
|
|
+ "state directory", main_domain)
|
|
|
else:
|
|
|
x509_acme_cert = OpenSSL.crypto.load_certificate(
|
|
|
OpenSSL.crypto.FILETYPE_PEM, acme_cert_text
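Review bot: The rewritten `with open(main_domain, "r") as cert_file:` opens the vhost's domain name as if it were a file path. The line it replaces opened `entry[1]`, which the rest of this commit maps to `vhost_entry.get_cert_path()` (the error log just below it and the `copy_file` target in the second hunk both use that accessor). With a domain name in place of the path the open will normally raise IOError, so each vhost is logged as unreadable and skipped, the installed certificate is never compared with the ACME one, and renewals silently stop until certificates expire. The line should read `with open(vhost_entry.get_cert_path(), "r") as cert_file:`. The body of run() starts above this hunk and continues below it.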
|
|
@@ -85,39 +86,39 @@ def run(cert_path_provider: CertPathProvider, config=None,
|
|
|
if expiry_datetime < datetime.datetime.utcnow():
|
|
|
LOGGER.warning(
|
|
|
"Certificate for %s is expired and no newer "
|
|
|
- "one is available, bailing out!", entry[0])
|
|
|
+ "one is available, bailing out!", main_domain)
|
|
|
else:
|
|
|
serial_current_cert = \
|
|
|
x509_current_cert.get_serial_number()
|
|
|
serial_acme_cert = x509_acme_cert.get_serial_number()
|
|
|
if serial_current_cert == serial_acme_cert:
|
|
|
LOGGER.debug("Cert for %s matches with the one "
|
|
|
- "installed, nothing to do.", entry[1])
|
|
|
+ "installed, nothing to do.", main_domain)
|
|
|
else:
|
|
|
if tlsa:
|
|
|
- for domain in entry[3]:
|
|
|
+ for domain in vhost_entry.get_domains():
|
|
|
if domain not in tlsa_exclude:
|
|
|
helpers.create_tlsa_records(
|
|
|
domain, "443", x509_acme_cert,
|
|
|
named_key_path, dns_server)
|
|
|
- if helpers.copy_file(fullchain_path, entry[1]):
|
|
|
- acme_key_path = cert_path_provider.provide_key_path(entry[0])
|
|
|
- if helpers.copy_file(acme_key_path, entry[2]):
|
|
|
+ if helpers.copy_file(fullchain_path, vhost_entry.get_cert_path()):
|
|
|
+ acme_key_path = cert_path_provider.provide_key_path(main_domain)
|
|
|
+ if helpers.copy_file(acme_key_path, vhost_entry.get_key_path()):
|
|
|
LOGGER.info(
|
|
|
"Successfully renewed cert for %s",
|
|
|
- entry[0])
|
|
|
+ main_domain)
|
|
|
cert_renewed = True
|
|
|
else:
|
|
|
LOGGER.error(
|
|
|
"Renewal of cert for %s failed, "
|
|
|
"please clean up manually and "
|
|
|
"check the backup files!",
|
|
|
- entry[0])
|
|
|
+ main_domain)
|
|
|
else:
|
|
|
LOGGER.error("Renewal of cert for %s failed, "
|
|
|
"please clean up manually and "
|
|
|
"check the backup files!",
|
|
|
- entry[0])
|
|
|
+ main_domain)
|
|
|
if cert_renewed:
|
|
|
LOGGER.debug("Checking apache configuration")
|
|
|
try:
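Review bot: The two `copy_file` calls still install the certificate before the key and only log when the second one fails, so a failed key copy leaves the new fullchain at `vhost_entry.get_cert_path()` beside the old key at `vhost_entry.get_key_path()`. `cert_renewed` stays false in that branch, so nothing is reloaded now, but the next Apache restart would presumably load a mismatched pair and fail. Judging by the flattened indentation, `helpers.create_tlsa_records` also runs before either copy, so TLSA data for the new certificate may be published while the old one is still being served; confirm what that helper replaces or keeps. Consider restoring the backup that the error message refers to when the key copy fails, and creating the TLSA records only after both copies have succeeded. run() starts above this hunk and continues past the trailing `try:`.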
|